Add NAME_MAX checks and update file times

NAME_MAX should be enforced per filesystem implementation
because other file systems may not have the same restriction.

Gofer filesystem now keeps a reference to the kernel clock to
avoid lookup in the Context on file access to update atime.

Update access, modification, and status change times in tmpfs.

Updates #1197, #1198.

PiperOrigin-RevId: 304527148

1 files changed, 9 insertions, 0 deletions

diff --git a/pkg/sentry/fsimpl/kernfs/filesystem.go b/pkg/sentry/fsimpl/kernfs/filesystem.go
index a429fa23d..89f5da3d4 100644
--- a/pkg/sentry/fsimpl/kernfs/filesystem.go
+++ b/pkg/sentry/fsimpl/kernfs/filesystem.go
@@ -63,6 +63,9 @@ afterSymlink:
 		rp.Advance()
 		return nextVFSD, nil
 	}
+	if len(name) > linux.NAME_MAX {
+		return nil, syserror.ENAMETOOLONG
+	}
 	d.dirMu.Lock()
 	nextVFSD, err := rp.ResolveChild(vfsd, name)
 	if err != nil {
@@ -191,6 +194,9 @@ func checkCreateLocked(ctx context.Context, rp *vfs.ResolvingPath, parentVFSD *v
 	if pc == "." || pc == ".." {
 		return "", syserror.EEXIST
 	}
+	if len(pc) > linux.NAME_MAX {
+		return "", syserror.ENAMETOOLONG
+	}
 	childVFSD, err := rp.ResolveChild(parentVFSD, pc)
 	if err != nil {
 		return "", err
@@ -433,6 +439,9 @@ afterTrailingSymlink:
 	if pc == "." || pc == ".." {
 		return nil, syserror.EISDIR
 	}
+	if len(pc) > linux.NAME_MAX {
+		return nil, syserror.ENAMETOOLONG
+	}
 	// Determine whether or not we need to create a file.
 	childVFSD, err := rp.ResolveChild(parentVFSD, pc)
 	if err != nil {